1. Field of the Invention
The present invention generally relates to electronic circuits and, more specifically, to the protection of data contained in a memory associated with a microprocessor against an extraction thereof, especially after fault injections into the electronic circuit operation. The present invention more specifically relates to microcontrollers integrating both a microprocessor and data storage elements.
2. Discussion of the Related Art
FIG. 1 partially and schematically illustrates an example of a simplified architecture of an integrated circuit 1, for example a microcontroller, of the type to which the present invention applies. Circuit 1 comprises a central processing unit 11 (CPU) associated with a program memory 12 (ROM) generally of read-only memory type, with one or several data memories 13 (MEM), and with an input/output circuit 14 (I/O) enabling data exchange with the outside of the circuit. The different elements communicate over one or several data, address, and control buses 15. Memory or memories 13 may be of any type (rewritable or not RAM, non-volatile memory, etc.) or a combination of several types of memories.
Among possible attacks performed by persons attempting to extract confidential data (for example, a secret code) contained in memory 13, the present invention applies to so-called differential fault analysis attacks (DFA) which comprises the disturbing of the operation of microcontroller 1 by means of a radiation (laser, infrared, X-rays, etc.) or by other means (for example, by acting on the component power supply).
Some integrated circuits comprise software tools for detecting such disturbances by checking the correct execution of programs. For example, the same instructions are executed twice and it is checked whether they lead to the same result, or a signature calculation is performed on data extracted from memory 13.
A category of particularly efficient disturbances comprises the directional disturbing (orientation of a radiation, for example) of the peripheral circuits (address decoder) of memory 13 during an order for reading from an authorized area of this memory. “Authorized area” is used to designate an area, in which the data that it contains are allowed to come out of microcontroller 1, conversely to those of protected areas containing confidential data that must remain in this circuit. Disturbing, for example, the address decoder (assumed to be contained in block 13) of the memory enables jumping from an authorized memory area to a protected area. Since the executed order then is an order to read from the authorized memory, the hacker is likely to recover the critical data without the access control mechanisms detecting this access violation. For example, in case of a control of the address present on bus 15 by the central processing unit, said address is correct since the disturbance only intervenes in the peripheral area of memory 13. Software protection systems are most often ineffective against this type of fraud.
Another disadvantage of “software” solutions is that they take execution time from the capacity of the central processing unit.
A problem is to be able to detect such a disturbance. Once the disturbance has been detected, many solutions exist according to the applications, either to block the component, or to forbid the outputting of critical data, etc.
Another known fraud technique comprises disturbing the read amplifiers of memories (especially of ROMs), to modify the read value and thus modify the flow of the program having generated this reading. It is then possible, for example, to modify the comparison result to provide access to an unlimited number of trials of the pin code of a smart card.